Menlo Secure Reviews

People are mainly using it for zero trust web access.

Menlo Secure is built from the ground up to provide zero basic access, and by doing it that way, it has multiple use cases. For example, it manages employees' access and use of Chat GPT, so they can still use Chat GPT but without posting company confidential information.

Another major use case is malware prevention for web-based malware through browsing the web or using web email. This safe browsing capability of Menlo Secure uses isolation technology, and it fits in the category of remote browser isolation.

The technology itself is what we distribute as a wholesaler, including a number of different technologies in the cyber space.

We work with Menlo Secure specifically, and it plays very much in the Prisma space.

There aren't specific areas for improvement; however, they're not as well known as the big vendors such as Palo Alto.

Menlo Secure is a smaller company with limited resources and funding, which makes it challenging to compete with larger companies such as Palo and Cisco.

What can be improved is market awareness and adoption of the technology. When selling it in the channel, regardless of how good the technology might be, success depends more on market adoption and awareness.

I have been working with it for about two years.

I am not aware of any major issues with deployment, so I would give stability an eight.

I am not aware of any major issues with stability, so I would give it an eight.

I would give the scalability of the product a nine.

Menlo Secure and Palo Alto approach problems differently, finding different ways of solving them. Palo has more market share and awareness than Menlo Secure. Palo has become a platform, and most people prefer to have as much integrated from one vendor as possible. However, if someone wants best of breed for web browser isolation, they would look at Menlo Secure. This is particularly true for banks, federal government, and similar organizations that might want best of breed for particular functions.

Compared with most solutions available, it is generally pretty easy to install and deploy. The vendor provides some support, but it doesn't require months of professional services. It is relatively easy to implement.

For customers, preventing malware reduces costs associated with cleanup and remediation, not to mention potential damage to reputation. This security technology addresses risk and enables people to conduct business without that risk, which is where the ROI is realized.

Pricing is comparable to other vendors, depending on the value received and the number of licenses needed. It is priced for enterprise customers, and those paying for it are clearly getting value, though they need to see that value first.

Menlo Secure and Palo Alto approach problems differently. For web browser isolation specifically, organizations such as banks or federal government might choose Menlo Secure when seeking a best of breed solution for particular functions. Other companies might prefer platform vendors such as Palo or Cisco.

Secure file sharing and data protection is not exactly what Menlo Secure is designed to do. While it can handle some of these functions, people typically choose another technology for those specific needs. It's not as obvious how to accomplish these tasks with Menlo Secure. The overall rating for this solution is 6 out of 10.

We previously used an on-premise proxy or a secure web gateway, but our employees were forced to do hybrid work during the pandemic. To connect to the office, they needed to connect to our VPN, and by doing so, they had to disable the proxy. That introduced a security risk because turning off the proxy exposes us to clickbait risks and phishing. We needed a solution that would cater to our needs but close those risks. Menlo Secure Web Gateway was the answer to that because it's cloud-based, and it provides a web isolation feature compared to other products on the market.

Right now, we're just looking at the private access and SaaS solutions.

The solution is invisible to our end users, so it doesn't have any impact on their work or performance. As far as friction with users, it only exists because we have to replicate our authentication in the cloud as well. They have to log in using a slightly different domain name from what we have in the office. As far as internet usage or speed is concerned, it's been pretty good so far.

This feature is very important because part of my objective when implementing information security is that the more invisible my tools are to the users, the better it is.

The deployment model is SaaS because it's provided by Menlo.

We are licensed for about 3,600 users, and we are deployed nationwide. We have a head office in Manila with about 2,000 users, and 1,600 users are deployed around the country. When users need to work from home, they can have safe Internet access from wherever they are.

We moved the proxy from on-premise to cloud-based, which gave us a huge advantage. We don't need to worry about our internet traffic anymore. The web isolation feature adds a layer of confidence. Even if our employees get to some site that is loaded with a malware payload, for example, there is no risk because we're confident that it will be isolated and mitigated. The risk in terms of email is lower.

The solution prevents all web and email security threats before they enter our network. The main difference with the on-premise proxy was that we were heavily dependent on signatures, web categorization, and filtering. We're doing a lot less of that now.

We have seen a decrease in the number of security alerts that our security ops team has to follow up on. Menlo provides a periodic report, which we can check on a regular basis. The report gives me confidence that the websites that are supposed to be blocked are always blocked. It lessens the tasks of the personnel who are doing web monitoring, so they're able to do other things.

I import these logs into my SIM. If a user gets to a site that is allowed and it's malicious, it usually gives me an alert. Since I've implemented Menlo, I haven't had an alert yet.

Accessing the internet with a proxy from anywhere is the most valuable feature. It ensures that users are only able to browse legitimate websites. If they happen to go to a legitimate website with a malicious payload, the isolation feature will take care of that.

The solution provides a single console for security policy and management. For management, they have provided a single platform console that we can access via the internet. From there, we can view a dashboard for our users, their activities, the risks mitigated, etc. We can see everything from a single pane of glass.

This single-pane approach is critical for us because we monitor certain indicators of compromise. For example, connecting to command and control hosts is one of them. If we see something that's triggering from there, it's more helpful than looking for that activity on our own. We can also monitor user profiles and user Internet browsing behavior. For example, are they working or are they just watching YouTube videos or going on Facebook?

I'm happy with the solution's ability to combine user-friendliness for admins and security for our organization. There are a few things that could be improved. When I talk to Menlo, there are still some features that I raised with them. In terms of logging, for example, it's quite impossible to get the total number of current users. There are still some sites that we will still need to bypass from isolation. When that happens, they don't need to authenticate with the solution anymore, so it just goes straight to the internet.

There are still some features that we're asking for, but the solution already provides 95% of what we need. So far, the ease of implementation has been quite seamless for us.

It's important for us that the solution does SSL decryption. In our previous proxy, we monitored user activity and were already doing SSL decryption. However, it's very important because we need to find out if there's any malicious activity, and we won't be able to detect that traffic is encrypted. There are certain sites that I don't want to take responsibility or accountability for. We aren't decrypting banking websites, for example, because I don't want to be aware of passwords or PINs. We can choose the sites that we want to exempt from decryption.

Our previous approach to SSL decryption is the same as what it is now. We've loaded the certificate on the proxy, and we define which sites we need to whitelist or blacklist from decryption. 

The user monitoring could still be improved. We are a government agency, so we purchased Menlo by user. If we have 3,000 users, we need to see that all 3,000 users are able to use Menlo. However, there aren't any reports that say, "In the past six months, all 3,000 users have logged in," because there are some cases where SSL is bypassed, for example. When they access sites like that, the user is not tagged as a normal user, so 3,000 may become 2,900, but I still need to account for 100 users. I'm working with Menlo right now to make sure that all user activity will be visible to me.

I have used this solution for a few months.

Since deploying the solution, we haven't had any issues. During the early stages, we had some tuning issues, but after setting it up and properly configuring everything, there haven't been any issues.

I don't think it would be an issue if we grew to 5,000 or 10,000 users because the solution is deployed on an elastic cloud.

I would rate technical support a nine and a half out of ten.

Technical support starts working on our issues almost immediately. I received exceptional support from them.

Positive

Menlo set up the cloud infrastructure. I was only involved with setting up the policies, testing the performance, and making sure that the use cases we identified worked.

The setup was straightforward. It was as easy as defining the proxy file on the computer.

The deployment was really fast. We were up and running in less than a week. Our users are located nationwide, so there was a test period for them before we finally disabled the old proxy.

For now, Menlo is doing all of the maintenance and updates. That's another thing that is offloaded from my personnel because we usually do the patching and updates on-premises. The solution is SaaS, so Menlo is responsible and accountable for that.

There are at least two people involved in the maintenance. 

Menlo was directly involved during the deployment. The reseller was there on standby or just observing.

I don't measure the ROI for the web, but the cost is justified because we're able to use the internet from anywhere securely.

The solution is expensive. It's more expensive than the solution I previously used. Compared with the other cloud-based solutions, it's very competitive.

I did a POC with two other solutions. The first was Palo Alto, which has a similar cloud-based proxy. The other was Forcepoint, but I was not able to do a POC for that because of budget constraints. The pricing of Forcepoint was too high for me. At the end of the day, the isolation feature was a big factor that the two other products didn't have.

I would rate this solution a ten out of ten.

My advice is that it's best to experience this solution on your own and compare it to what you have. When I first learned about Menlo, the use case didn't fit me at that time because I didn't need remote proxy access. I said, "With isolation, my other tool should be able to detect any malicious site that my users will be connecting to, and we should be able to manually do that mitigation." If I were to suggest this solution to a colleague, I would ask them to test and really compare it with their existing solution to have a hands-on feel or experience with the product so they can find out for themselves how good it is.

I'm still exploring the other features, but I've checked what MPA is doing. It can do reverse isolation, and it will probably be a tool that will eliminate VPN and provide secure internal application access. Moving forward, Menlo has the potential to offer a lot more.

We use it to secure the internet connection of all of our users, ensuring that they can connect as transparently as possible to all of the websites that are, of course, not hazardous. And anything hazardous is prevented as much as possible.

We were looking for an isolation solution so that there would be no impact at all on the systems that we are responsible for protecting. We didn't want to wait until a first attack was successful and then find out what the impact was and how we should react to it. That's why we chose Menlo. Either you have access to something or don't have access to it. And if you do, we can ensure, 100 percent of the time, that there is nothing malicious that is going to impact our system in any way. And that's for the on-prem users who are connected to the corporate offices, as well as for the users who are roaming.

The primary benefit is that it secures users wherever they are, whether they are roaming, or they are using their PC at home, at work, or at the airport. We are able to do that, and we are even able to do it with companies that we recently acquired.

Another move forward was that we started inspecting SSL traffic, which was something we were not inspecting before. We were closing our eyes to what was happening to 98 percent of the traffic because it was encrypted. Today, we are not closing our eyes. Menlo enabled us to inspect more traffic and avoid relying on traffic that clearly can be hazardous. That may be one of the reasons we discovered new use cases that were difficult to test before, and for which we have had issues configuring Menlo to handle.

Another advantage is the ability to produce reports that help us to understand what our users are doing, even within the website. For example, are they posting files or are they downloading files? That is clearly an ability that we acquired with the solution as well.

And when it comes to isolation, we haven't seen any threats that have succeeded in coming in through Menlo. I have evidence, of course, that in some cases we were infected by malware, but it was not able to avoid Menlo's protection and connect back to the internet to get instructions from the command and control service. We have clearly demonstrated that those threats just cannot harm us.

The isolation is one of the most valuable features.

The fact that it is a cloud proxy solution is another feature we like. For example, if you acquire a new company, you can use it to protect that new company without the need to install anything physically on their networks. 

Also, the ability to rewrite the links in emails so that nobody can connect to a link without going through Menlo's protection is something we have found very valuable. 

And the reporting feature, which involves a kind of programming language to query the logs or the data from the Menlo console is something we consider to be quite useful.

The solution should have no impact but it does have a bit of impact on end-users. For example, we encountered some issues in the downloads that took longer than they did without using Menlo. That is clearly not transparent for users. We expected not to have any latency when downloading anything from the internet with Menlo compared to without Menlo.

We are now transitioning to another solution. The main reason for that is that managing all of the exceptions and troubleshooting all of the issues our users have had connecting to the internet has become too significant in terms of workload, compared to what we hope we will have with another solution. In other words, we hope to get the same level of protection, while reducing the number of visible bugs, issues, latencies, impacts on performance, et cetera, that we have today with Menlo. We already solved most of them, but we still have too many such instances of issues with Menlo, even though it is protecting us for sure.

The weak point of the solution is that it has consumed far too much of my team's time, taking them away from operations and projects and design. It took far too much time to implement it and get rid of all of the live issues that we encountered when our users started using the solution. The good point is that I'm sure it is protecting us and it's probably protecting us more than any other solution, which is something I appreciate a lot as a CISO.

But on the other hand, the number of issues reported by the users, and the amount of time that has been necessary for either my team or the infrastructure team to spend diagnosing, troubleshooting, and fixing the issues that we had with the solution was too much. And that doesn't include the need to still use our previous solution, Blue Coat, that we have kept active so that whatever is not compatible or doesn't work with Menlo, can be handled by that other solution. It is far too demanding in terms of effort and workload and even cost, at the end of the day. That is why we decided to transition to another solution.

If we had known in the beginning that we would not be able to get rid of Blue Coat, we probably would not have chosen Menlo because we were planning to replace Blue Coat with something that was at least able to do the same and more. We discovered that it was able to do more but it was not able to replace it, which is an issue.

It is not only a matter of cost but is also a matter of not being able to reduce the number of partners that you have to deal with.

In addition, they could enhance the ability to troubleshoot. Whenever a connection going through Menlo fails for any reason, being able to troubleshoot what the configuration of Menlo should be to allow it through would help, as would knowing what level of additional risk we would be taking with that configuration.

We have been using Menlo Security Secure Web Gateway for two years.

Now, the stability is quite good. I would rate it an eight out of 10.

We have it deployed worldwide, in about 300 locations.

In the case where we acquired a new company with a significant number of systems, the ability to deploy Menlo to all of them, even if we were talking about 40,000 people, would not be an issue at all. 

One thing which could be a real issue is the ability of the solution, within the development plan of Menlo, to fit our needs. This is what led to our decision to remove Menlo.

We were using Blue Coat Systems before. First, that was clearly not protecting users who were at home or roaming. Second, it was not possible to use it to protect companies that we acquired until they confirmed that they were going to implement Blue Coat appliances on their networks. So Menlo was a huge move forward.

The initial setup was complex from the beginning, and even once it was in operation. We even needed to have an on-prem meeting with my team in charge of the implementation and the techs from Menlo to determine the best configuration settings to make it work and avoid issues as much as possible (which we still had afterward). It is not at all simple to deploy.

We had between five and 10 people involved in the setup. They were in charge of operations, meaning any changes to or troubleshooting on equipment that was live. Others were in charge of the implementation of this type of system, including defining the proper architecture and configuration and adapting and tuning the configuration.

A couple of years later, we still had a significant number of open tickets with their help desk due to issues connecting through Menlo.

It is deployed on the cloud. We were planning to use Menlo on-prem in China, but we are rerouting the traffic from China to Hong Kong and going from Hong Kong to the internet.

The maintenace is not lightweight. I don't know what portion of the time that we were spending on the tool was due to maintenance and what part was due to new issues that were raised by our users. The maintenance is a split responsibility between the local IT operational guys and the people from my team.

Our experience with their consultants was very good. 

Our only issue is that we kept asking them how they managed, with their other customers, the issues we were encountering. An area for improvement for them would be that when they meet their customers, don't let them think that they're troubleshooting something for the first time. There is no reason that they wouldn't have seen something different with another customer.

They were not leveraging the experience they had with other customers enough to anticipate and prevent the issues on our networks; or, at least, when they happened, to solve them much quicker than they would have if they had never been seen before. We consider that as a lack. They need to learn how to let other customers benefit from the experience they had with us.

We haven't seen a decrease in the number of security alerts that our security ops team has to follow up on, but we were not even able to measure that before deploying Menlo. It's very hard to demonstrate the return on investment by looking at the decrease in the number of incidents compared to before, as we had nothing before that was truly able to demonstrate to us what was really happening. 

If we had implemented a solution from a Menlo competitor before, and we were moving to Menlo, that would have enabled us to compare both solutions. That is something we are going to do after we transition from Menlo to Skyhigh Security, even though the alerts will not, of course, have occurred at the same time. We will be comparing things that are a couple of months, or years, apart. We will try to demonstrate the different levels of protection provided by Menlo compared to Skyhigh. But that will happen half a year from now.

The pricing is good. We were convinced that it was the right price for such a solution at that time. Again, we didn't know that we would have to keep Blue Coat. At that time, we were thinking that we would be able to get rid of Blue Coat, and for that reason, the price would be good.

We evaluated several other solutions, including Zscaler and the complete portfolio of Symantec as well.

We went with Menlo because of the connection to the execs of Menlo and the ability to talk to them. The size of the company, compared to Symantec, was definitely a factor, but the ability to get in touch with the right people as quickly as possible, and trust their strategy and their level of protection, were important. The ability to get a contract where they commit to protecting, 100 percent, against any threat, as long as you use isolation, was a clear improvement for us. And the fact that it was a cloud proxy solution, was another part of the decision.

My advice is to pay attention to all of the use cases you have and try to understand what Menlo is or isn't addressing so that you don't discover that you still need to keep an old technology that may even be outdated. To do that, you need to be very clear about your use cases and how you will cover them with Menlo or if Menlo will not cover them.

While the solution provides a single console for security policy and management, which is an interesting feature, as long as you're able to connect through APIs to all your SaaS solutions, the fact that you use the very same SaaS solution or not is probably less important. I'm not saying it is not important that Menlo has a console, but it's a bit less important if you're using an orchestration automation solution. We also have Palo Alto Cortex XSOAR that we are using to automate and orchestrate.

Regarding the fact that Menlo secures the web, email, SaaS, and private applications, the latter, private applications, is very important, as is email although probably less so. The magnitude of risk is higher for private applications that are exposed without protection on internet. It depends on the use cases that you are looking to cover. If, for example, you don't have any private applications that you need to expose, then of course that type of protection is not important at all, but you still receive emails within which you need to rewrite the links. If you have both requirements, meaning a bunch of private applications that are exposed plus emails for which you need to rewrite links, in that case, rewriting the links is probably less important than ensuring the protection of your private applications.

It doesn't make sense to only perform partial protection. Everything you implement to secure the connections and the assets you are responsible for should, at some point, merge together. It should be SD-WAN and web gateways and probably even CASBs and email protection. All of that probably will tend to merge together and you can look forward to reducing costs and the number of partners.

Don't look at it as: "I have a new need, I want a new solution," because if you do that, you will end up with a huge number of vendors and solutions on your systems and it's going to be super difficult to ensure that you manage all of that consistently. Whereas if you really have a vendor that is at least addressing, if not all the possible needs, at least all of your needs, and you are able to manage that in a consistent way, even if you have to program something in your orchestration solution, you will be able to manage all of it in a consistent way and in a timely manner.

We are using it to protect our users as they navigate the web. It is their cloud service, and we have set up a proxy to go through their service.

The way we have it configured is that our staff basically logs into the internet to go out and surf. We have integrated it with Active Directory, and the users just provide their credentials. We have a screen that prompts them for those and also reminds them of how to behave on the internet. I believe we can change that now, but that was the way we rolled it out years ago. It is a good reminder for our staff. Generally, we like it. We even updated the landing page for that screen earlier this year. It works well for us. Other than that, the users don't really notice it.

For us, the primary goal is protection on the web, and that's extremely important. We're not using any of the other services at this time. The web part is key to the success of the organization. It gives us the ability to protect. It can isolate. It opens the session in an isolated format so that the code isn't running locally. It is running over in the Menlo environment, not in ours. It is not running on the local computer, whereas if you were to go to a normal website, it would run Java or something else on the local machine and potentially execute the malicious code locally. So, it does give us that level of protection.

It has worked very well for us. We've had very little trouble. We've had no malware that I'm aware of, which is common with surfing the web. As people move around on the web, they'll pick up various malware. It has always been a problem for me in the past, but since we've rolled out this solution, I can't remember the last time somebody had something weird on their system that had to be uninstalled. So, nobody is picking up odd things as they surf the web.

It also protects the opening of documents. When you download a report or document, it is opened in a protected fashion. So, the user can read that and be safe. It then gives you the opportunity to download the original or a safe version. If the user is still a little uncertain, they do have the ability to download it in the safe version so that if it had any malicious content, it is no longer a threat.

Prior to the acquisition of this service, staff was restricted heavily in terms of who was allowed to go to the internet. There were security concerns, and they just didn't feel comfortable letting just anybody go out and surf the internet to find anything. It was heavily restricted, which produced issues with staff trying to get tasks done. They'd have to call and ask for access to something or just access in general. If they were all blocked as a user, they'd have to go to somebody else. We've improved the efficiencies of the department by giving them the ability to more freely access the internet in a safe fashion. They're more efficient and therefore, more responsive to our members or customers.

We are not aware of a single compromise from the web since implementing the solution. In terms of its effect on our operations or business, overall, it has had minimal impact on the IT operations. It is easy to manage as an organization. It has improved efficiency and the ability for someone to quickly do research on an item and respond to the customer in a more timely fashion. So, from a customer standpoint, we are providing a better service.

It has significantly reduced the number of concerns. I'm not aware of a single piece of malware landing on a computer since we rolled out the solution.

The isolation is most valuable. It gives us another layer of defense against phishing sites, and they usually are isolated and blocked. Its primary goal is to protect us from the malicious websites out there in the world.

It provides a single console for security policy and management. This ease is really important. Ease of management is the key feature of the solution, and that has worked out really well for us because we can use it regularly to see what's going on out there, watch the traffic, and see who is doing what.

It is overall great. From the user standpoint, they generally don't even know it is there. From the administrative point, they continue to improve that environment. They've improved the reporting on it. It is really easy to go in and get statistics, see activity, and make configuration changes. Overall, the administrative interface is really good.

It is browser agnostic, and most sites work. If there are any sites that don't, we can bypass or allow them. You have different levels. A lot of times, your firewalls are just yes or no. You can get to a site, or you can't get to a site. This gives us the ability to leave something in isolation, or we can allow it. So, it is still going through the Menlo environment, but it is not blocked. It doesn't get the isolated layer. We can block if we want. Sometimes, if we want, for a regular partner or something like that, we can do a full bypass. It just doesn't hit Menlo at all. We have a lot of options there that our basic firewall just doesn't provide us.

Right now, the only piece would be one or two reports that I'd love to get my hands on. I don't think they exist. With any system firewall or solution like this, you have to create bypasses, which is an access control list. One of the standard things that we would do in other firewalls is a regular review. We quarterly go and take a look at who we grant access to and if it is still needed. For example, when you're working with a partner, you might do a full bypass to that site as long as they are a partner, but over time, you add 200 extra rules. At some point, that partner you had ends up no longer being a partner, but that old rule is still there. You want to be safe. You need to give them access today, but you don't necessarily need to do that tomorrow. So, you need to be safe about it and block it again. Currently, I don't have a good way to see which of my rules are being used in the access control lists. I have numerous entries, but are they all still needed? A report that would show me my list of who is allowed and whether we're actually using it would be useful because I can then go clean up my list. It would be easier to manage. We would eliminate the vulnerability of unused services.

I have been using this solution for about five years.

It is rock solid.

It is super easy. It just requires additional licenses. We could add 50 people tomorrow, and the system will accommodate. We would just contact our reseller for additional licensing.

We have approximately 120 users. We have five physical locations, but the service obviously works from home. Our staff is required to use VPN for work, and they continue to use the service through their VPNs. The total number of computers protected is probably close to 180.

If we needed to add more, their system does have a buffer in it. If you're growing slowly, it easily is accounted for, but to do a massive change, you probably would have to contact them. For example, if I'm bringing on 50 people tomorrow because of an acquisition and want to protect 50 new users, I would just contact our reseller and say that I need to add more user licenses.

Early on, when we were first rolling it out, we did work with them. We've had a couple of questions here or there about how best to proceed. We have reached out, and they typically respond quickly. I would rate them a 10 out of 10.

Positive

There was no solution prior to this. When I was asked to find a solution, it was hard to find because it was relatively new technology. There were a handful of providers, but they all seemed to be, in terms of the technology or solution offerings, in their infancy.

It was relatively simple. The hardest part for us was to integrate with the Active Directory environment. The version we were running at the time was slightly outdated. So, it did present a little bit of a challenge, but with a little effort, we were able to overcome that and deploy it to get it rolling. Overall, it was pretty quick. 

Their team was very supportive. They would have an engineer get on the line with us if we were struggling in any way. During the deployment, they were very helpful.

We took our time. As a new service, we didn't want to just flip the switch and have everybody go that route. So, we went gradually. We would do a departmental rollout. We rolled it out in about 90 days. After we decided on the product, we discussed the best way to approach deployment. We decided to do it at a departmental level, bringing on one group of staff at a time so that we could address their needs and any problems that arise as we bring on more and more staff members. That's why it took us about 90 days. That was the original plan. We were cautious. It was brand new. So, we were just being cautious. We could have flipped the switch for everybody in one day, but that didn't seem like the right move.

In terms of maintenance, we have to provide a new license for the service annually. In addition, if somebody is not able to get into something, or we realize that something should not be accessed, we'll update the allow and block lists. That is expected, but in terms of real administration, we only have to remember to get our license loaded.

One of their development engineers or a member of their team worked with us when we had any kind of issues in the deployment. It was really smooth.

We have seen an ROI because of the fact that I don't see any malware in my environment, and no one has been compromised since we implemented it. There is improved efficiency with staff being more freely able to access information on the web.

It is appropriately priced for what they're doing for us. Considering the protection provided, I feel their pricing is spot-on. 

When doing my initial research, there were other solutions. Some required hardware, some required proprietary browsers, and some of those were quite expensive. One of them was a hardware solution. It was not easy to deploy and grow, whereas with Menlo, as the organization grows, I simply add additional users. With the hardware solution that we had seen, I'd have to buy a new appliance to handle the workload, and that was cost prohibitive.

When I arrived, the ask was how to surf the web safely, and after some research, I finally found the term web isolation. That's what took me to Menlo and some of the competitor products, but the Menlo product was the most agnostic in terms of the browsers or operating systems. It was easy to manage and cost-effective. It ended up being the right solution for us.

To those who are evaluating the solution, I would certainly recommend that they move forward. If they were undecided, I would certainly nudge them towards acquiring a solution. I've seen the proven benefits of it. So, I would just recommend that they move forward, but obviously, do their due diligence and get a demo.

To a security colleague who says that Menlo only provides private isolation rather than a full stack of security, I would say that they need to consider a layered approach to their security, and this is one piece. They should definitely consider adding it to their stack in their facilities.

We are looking to pick up some other pieces that we just don't have right now. They have DLP, and that's a piece I'm adding on later this year, along with CASB. So, the quality of the gateway is just going to get better, and the quality of information is going to get better.

I would rate Menlo a 10 out of 10.

Open browsing of systems on the web from endpoints within our network that could be vulnerable as a pretty quick avenue to exploitation is the primary issue that we are addressing. What I like about the Menlo Security solution is that it isolates all that browsing activity well and away from our infrastructure, keeping all of the noise out. Therefore, if our security tools hit on something, then it is something worth looking at, not just a bunch of garbage.

All our endpoints are designed to hit the Forcepoint proxies, then the Forcepoint proxy directs it out to the Menlo Security Cloud environment.

For the most part, the solution is invisible to our end users, which is important to us and impacted our choice in going with this solution. It does the best that it could possibly do given what it is doing. There are certain sites that don't work well with isolation on business sites. So, we have a process for creating exceptions to bypass isolation for those sites.

It has reduced security events to follow up on. While it is not 100%, there has been probably a 90% or more reduction. We were getting hit left, right, and center constantly from people browsing the Internet and hitting bad websites. It was not just bad websites that were stood up to be malicious, but good sites that were compromised.

It is pretty important to be able to inspect the traffic that might be maliciously encrypted. Although, decryption is becoming less of a thing as time goes by. There is a changing mindset amongst the security community on it, and we see that in some of the changing standards.

• The technology itself
• Web isolation
• Doing it seamlessly from an end user perspective.

These features are critical. 

The solution provides a single console for security policy and management. This just makes things more efficient for us, which is pretty important.

The solution’s ability to combine user-friendliness for admins and security for our organization is about as good as it gets. We can provide open browsing access to the Internet, disallowing the usual suspect categories like gambling. So, we allow access to the rest of the Internet, which is a wealth of information for business users. It provides them with a seamless way to engage without any noticeable differences, yet doing that very safely. From the administrator's perspective, being able to get in, quickly and easily, to make the adjustments that need to be made for exceptions for valid business sites is important to us.

In the best of all worlds, we wouldn't have to make any exceptions. However, that is a big ask because a lot of that depends on how websites are constructed. For example, there are some very complex, application-oriented sites that we end up making exceptions for. It is really not that big an issue for us to make the exceptions. We feel like we are doing that without a huge impact on our security posture, but we do have to make some exceptions for complex sites, e.g., mostly SaaS-type sites and applications.

I have been using it since 2016.

They handle all the maintenance. They manage it very well. They continuously update it and let us know. They provide updates without disrupting the service. So, it is really well done.

It is almost infinitely scalable because it is SaaS-based. We only have about 2,500 endpoints, but I think they have onboarded some huge banks and other organizations as well as a huge segment of the federal government recently. While I don't know what their total endpoint count is, it must be pretty huge by now.

The technical support is excellent. I would rate them as 10 out of 10.

There have been very few problems or bits of downtime. I can only remember one in the last six years, and that was before business hours. It was a total of 10 minutes, or something like that. It was pretty small.

Positive

We were previously using Forcepoint, which is pretty similar. We still actually have a Forcepoint proxy in place as another layer. We were using SSL decryption in that environment as well. We got Menlo Security on top of Forcepoint for the isolation piece because we wanted the full prevention. 

With Forcepoint, it was just watching the traffic to figure out what is good and bad, then alert on what it thinks is bad. Menlo Security doesn't try to figure that out. It just keeps it out. It is very preventive.

Every solution has to fit the organization and its needs. We happened to have had other tools in place prior to Menlo that we have integrated and kept as part of our layered defense on purpose. There has been some redundancy in that too, and we have made that choice purposefully. That is why we haven't engaged in more of their services. If I was starting out brand new and didn't have an Internet proxy, i.e., no email nor a gateway service already, then I would consider going with them as a full stack.

We purposefully did a phase deployment instead of turning it on enterprise-wide. We used Forcepoint to direct traffic from the different network segments to Menlo Security, as we wanted to continue the phased approach. So, it took us probably four to five weeks to roll out completely. After those four to five weeks, the drop in security incidents was really significant.

I was running the security operations function back then. I am the one that brought the solution in. With the help of just one other person, we got it deployed. I was managing the area. The other person did most of the work.

We have definitely seen ROI.

We save a ton of money and time. Previously, the numerous hits that we were receiving from our security tools, prior to implementing them, had to all be chased down, dispositioned, and endpoints had to be reimaged. It was just a ton of effort to do all that. That is where the savings from time and money come in.

We saw immediate results after deployment.

We looked at a few solutions and they were pretty clunky and disruptive. The thing that we liked about Menlo Security is it provides a seamless browsing experience while shielding us. Also, the administrative interface to the system is really well-designed. It is very easy to manage.

I did a spot check of some of the others who were available at the time. There weren't many. At the time, Menlo was the only company that offered this type of isolation. We were even thinking about serving up browsers over Citrix, before we went to Menlo Security, to keep all of the traffic isolated to an environment, not at a bunch of individual endpoints all over the enterprise. 

Menlo allowed us to do it seamlessly without deploying a special browser. It was really the only alternative at the time. I know there are some competing products now. 

Isolating web sessions couldn't be done any better than it currently is being done.

We haven't engaged the email and SaaS application use cases yet. This is something that we are looking at. There is some protection in email since a lot of the phishing emails have links out to web servers, which then get shielded by Menlo Security. It is the attachment isolation piece that we haven't yet onboarded.

We are not yet using the Menlo Private Access feature, but we are looking at it. They provide other services that we don't happen to yet engage. We just started with their initial use case and stuck with that.

I would rate it as 10 out of 10. It is the cornerstone of our security posture. It keeps the noise out. If you have too much noise, then all the processes that you have to invoke to deal with that are expensive, requiring resources that are hard to find and maintain, in terms of humans. It just prevents so much of that need.